Logo 
Search:

Sharepoint Forum

Ask Question   UnAnswered
Home » Forum » Sharepoint       RSS Feeds

Permissions issue

  Asked By: Tarak    Date: Apr 17    Category: Sharepoint    Views: 2087

All users are getting access denied error when creating or editing AN ITEM in a
newly created doc lib or list, I have created this script to fix it, but we have
to run it on every newly created doc lib or list? I was told it was a flaw in SP
by the old SP Admin, but I am now wondering if maybe its something that was done
and never fixed is this common with WSS 3.0?

Script:


<script runat="server">

//protected Object _qry_str_Name = null;
//protected Object _qry_str_Request_Id = null;

protected void Page_Load(object sender, EventArgs e)
{

}

protected void _btn_Fix_List_Click(object sender, EventArgs e)
{
//Field ID=”{ba3c27ee-4791-4867-8821-ff99000bac98}”
Name=”PermMask” SourceID=”http://schemas.microsoft.com/sharepoint/v3″
StaticName=”PermMask” Group=”_Hidden” ShowInFileDlg=”FALSE”
Type=”Computed” DisplayName=”Effective Permissions Mask”
Hidden=”TRUE” ReadOnly=”TRUE” Version=”1

if (_tbx_Url.Text == string.Empty)
{
_lbl_Msg_Writer.Text = "Please Enter a valid URL";
}
else
{
if (_tbx_ListName.Text == string.Empty)
{
_lbl_Msg_Writer.Text = "Please Enter a valid List Name";
}
else
{
string weburl =
_tbx_Url.Text;//"http://rscintratest/rscit/Knowledge/";
string listName = _tbx_ListName.Text;//"Knowledge Base";

string RenderXMLPattenAttribute = "RenderXMLUsingPattern";

using (SPSite site = new SPSite(weburl))
{

using (SPWeb web = site.OpenWeb())
{

SPList list = web.Lists[listName];

SPField f =
list.Fields.GetFieldByInternalName("PermMask");

string s = f.SchemaXml;

Console.WriteLine("schemaXml before: " + s);

XmlDocument xd = new XmlDocument();

xd.LoadXml(s);

XmlElement xe = xd.DocumentElement;

if (xe.Attributes[RenderXMLPattenAttribute] == null)
{

XmlAttribute attr =
xd.CreateAttribute(RenderXMLPattenAttribute);

attr.Value = "TRUE";

xe.Attributes.Append(attr);

}

string strXml = xe.OuterXml;

Console.WriteLine("schemaXml after: " + strXml);

f.SchemaXml = strXml;

f.Update();
list.Update();

}
}
_lbl_Msg_Writer.Text = "Permissions should now be fixed";
}
}
}

</script>

Share: 

 

8 Answers Found

 
Answer #1    Answered By: Julia Washington     Answered On: Apr 17

I've never seen anything like that before in WSS. I suspect someone made some
customizations somewhere in the system. It is that customization causing the
problem. This is not a flaw in WSS.

 
Answer #2    Answered By: Shashwat Takle     Answered On: Apr 17

That sounds like going around your something to get to your something. This is a
problem with the setup somehow. No one should have a problem accessing items in
a new DocLib.

 
Answer #3    Answered By: Aastha Acharya     Answered On: Apr 17

Still looking into this issue, not finding much is there a way to contact MS
support for this? Not sure what our support agreement is with them since its
WSS? Though we have a lot of other MS stuff too! Any suggestions for reaching
out to get some further help? Or ideas where to start looking on this one?

 
Answer #4    Answered By: Glenda Roth     Answered On: Apr 17

Going out on a limb here, I'll assume permissions  are correct? When you say AN
ITEM are you referring to the document itself or the RowItem? Are you using  a
DVWP?

Read here for anything related:
www.beyondweblogs.com/.../SharePoint-security-access-denied-permission-c\
orruption-problem-Edit-Item-and-Access-Workflows.aspx
mdasblog.wordpress.com/.../
jamestsai.net/.../Understand-SharePoint-Permissions-Part-2-Check-Sh\
arePoint-usergroup-permissions-with-Permissions-web-service-and-JavaScript.aspx
msdn.microsoft.com/.../...oint.spbuiltinfieldid.pe\
rmmask.aspx

 
Answer #5    Answered By: Jada Clemons     Answered On: Apr 17

It is the RowItem that it happens on, not specific to doc  lib or list  but always
when trying to create new item  or edit properties of existing item (before
running this script) does it for both when creating  a new one. Not using  a DVWP
just standard site  settings create new document library then upload an word doc
then try to edit the properties and bam get access  denied and I¡Çm a farm
admin, site collection admini, and owner on the site!

 
Answer #6    Answered By: Brooke Lewis     Answered On: Apr 17

Have you tried running stsadm
-secureresources to reapply service account permissions? Also, before running
this command, you might want to check the accounts that SharePoint is using  as
its service accounts for your services, app pools etc. And another thought...
did the old SP admin  install using his personal account? Which perhaps now has
been disabled or deleted?

 
Answer #7    Answered By: Talia Johns     Answered On: Apr 17

I will look into your suggestions, yes the old admin  left our
organization and his AD account has been deactivated, but this issue  was
happening before then he was the one that brought it to my attention, thanks for
the info I will look into it as part of the problem.

 
Answer #8    Answered By: Tera Callahan     Answered On: Apr 17

I felt a great desire to post this solution for all of you just in-case you run
into this problem as I did, I have spent three weeks off and on researching,
testing, and so fourth to find the core problem and a solution to it.

Core Problem Definition:
SharePoint gives access  denied when trying to Edit item  in List
and/or Document Library even if user is granted full control permissions  or is
part of the site  Collection Administrators Group

Core cause of the problem:
The Site Collection and underlying lists / document libraries permissions are
out of sync with the SharePoint database, bug from installing SharePoint using
the original SharePoint with SP1 install pack and doing an export / import

Solution to my problem was as follows [thank you to those who helped and those
who blogged<http://en.wikipedia.org/wiki/Blog> about it]:
There are three main things that need to happen to fix  this issue:

1.) There is a hot fix that needs to be installed, but I recommend just
scheduling a maintenance window and running SharePoint¡Çs latest Service
Pack, the hot fix should be included in there (currently that is SP service pack
2, and remember test this in your development environment first)
2.) The previous hot fix will fix any NEWLY created  Site Collection and the
lists / document libraries UNDER that Site Collection from having any further
issues, but this DOES NOT fix the permissions for any of the PREVIOUSLY created
Site Collection(s) nor the lists / document libraries underneath that site
collection, so you need to run  the code from the KB article referenced below to
fix the SITE COLLECTION permissions (This was the step I was missing)
3.) The above code will fix the SITE COLLECTION permissions so that any NEWLY
created list  or document library underneath the existing SITE COLLECTION will no
longer get access denied  error on them, BUT THIS WILL NOT fix any of the
existing lists and/or document libraries underneath this Site Collection, so you
need to run the second script  from the same KB article (or you can use my code)
on every EXISTING list and document library (The core part of the code I wrote
is the same, there is also a reference to the bottom to a site with some code
for iterating thru the lists and/or document libraries to fix them all at once).

Once you have done these three steps your Site Collection and lists / document
libraries Templates, your existing Site Collection(s), and your existing list(s)
/document libraries will all now be up to date and in sync with your SharePoint
database. You should no longer see the access denied error  (assuming you have
the appropriate rights, which is also an assumption for the scripts since it
updates the SharePoint database [NOTE: I had to run the script in production
environment using  the same account that we use to connect to our database server
with SharePoint])

References:

Problem - http://support.microsoft.com/kb/961175 &
http://support.microsoft.com/kb/971351
Make sure you are all up to date -
sharepointadminwiki.com/.../SharePoint+V\
ersions
Pre-compiled fix on codeplex with source code include (there where typos in the
KB article above 971351<http://support.microsoft.com/kb/971351> so I suggest
using Rodney Vianna¡Çs code from codeplex)
download.codeplex.com/.../FileDownload.aspx\
eyviana&DownloadId=97361&FileTime=129054887312170000&Build=16135
Rodney Vianna¡Çs Blog -
blogs.msdn.com/.../you-cannot-edit-list-or-doc\
ument-library-items-on-existing-sharepoint-sites.aspx
This is the script with a loop [SCROLL Down very last comment by Dave Cornall] -
odole.wordpress.com/.../access-denied-error-message-while-editing-\
properties-of-any-document-in-a-moss-document-library/

Extra reading:
WSS Rights Mask is an 8-byte, unsigned integer that specifies the rights that
can be assigned to a
user<http://msdn.microsoft.com/en-us/library/cc704372" target="_blank" rel="nofollow">http://msdn.microsoft.com/en-us/library/cc704372(PROT.10).aspx> or site
group<http://msdn.microsoft.com/en-us/library/cc704372" target="_blank" rel="nofollow">http://msdn.microsoft.com/en-us/library/cc704372(PROT.10).aspx>. -
http://msdn.microsoft.com/en-us/library/cc704409(PROT.10).aspx
SPBuiltInFieldId Fields (Microsoft.SharePoint) -
msdn.microsoft.com/.../...oint.spbuiltinfieldid_fi\
elds.aspx &
msdn.microsoft.com/.../...oint.spbuiltinfieldid.pe\
rmmask.aspx
GOOD article on permissions in SharePoint from developers standpoint -
jamestsai.net/.../Understand-SharePoint-Permissions-Part-2-Check-Sh\
arePoint-usergroup-permissions-with-Permissions-web-service-and-JavaScript.aspx

 
Didn't find what you were looking for? Find more on Permissions issue Or get search suggestion and latest updates.




Tagged: